West African cybercriminal activity is driven by two types of threat
actors: Yahoo Boys and Next-Level Cybercriminals. Yahoo Boys, named for
their reliance on Yahoo apps to communicate, became the primary type of
cybercriminal in this region in the early 2000s. They focus on less
technically advanced schemes, including advanced-fee, stranded traveler
and romance scams under the supervision of a ringleader. Next-Level
Cybercriminals are able to execute more sophisticated attacks, such as Business
Email Compromise (BEC) and tax scams. The more complex attacks take
more time and investment, but the average BEC scam results in a payout
of $140,000, making it worth the extra time and effort.

“Our ongoing collaboration with INTERPOL is aimed at mitigating the
risks posed by cybercriminals around the world, with this research
specifically focusing on cybercrime in West Africa,” said Raimund Genes,
chief technology officer for Trend Micro. “While there is not yet an
actual underground marketplace, cybercrime is pervasive in West Africa.
Both the approach to cybercrime and the manner in which threat actors
communicate lead to a cybercriminal ecosystem unlike any other we’ve
experienced thus far. The unique nature of the problem also presents its
own set of roadblocks in bringing these criminals to justice.”

One constant finding throughout Trend Micro’s CUES research is that each
underground marketplace culturally reflects the region in which it
operates, and West Africa is no exception. Cybercriminals here openly
communicate, even potentially meeting in person, sharing best practices
and encouraging newcomers. This has developed a culture among threat
actors that encourages scamming and supporting one another.

“This joint paper shows that criminals across the region are becoming
more technically savvy, and this emerging underground market will
require an even stronger law enforcement response in the future, both in
terms of training for investigators and ensuring the appropriate
legislation is in place,” said Noboru Nakatani, Executive Director of
INTERPOL’s Global Complex for Innovation (IGCI). “In addition to
building awareness of cybercrime-related issues across West Africa and
beyond, the research also highlights the importance of public-private
partnerships in identifying and arresting criminals, as well as
educating businesses and governments about cyber threats.

“The joint paper with Trend Micro and other activities coordinated by
the INTERPOL Global Complex for Innovation, demonstrate the
Organization’s ongoing commitment to collaborative partnerships to
mitigate the damage caused by cybercriminals on the world economy and
society,” concluded Mr. Nakatani.

This report further highlights the importance of public-private
partnerships in identifying and arresting cybercriminals, as well as
educating businesses and governments about cyber threats. Trend Micro
and INTERPOL have a longstanding partnership, with joint operations and
research leading to the takedown of cybercriminal networks in a
collective effort to make the digital world safer for everyone. One such
collaboration in 2016 resulted in the arrest of a Nigerian national who
had extorted $60 million from businesses around the world using BEC
scams.

Trend Micro Incorporated, a global leader in cybersecurity solutions,
helps to make the world safe for exchanging digital information. Our
innovative solutions for consumers, businesses, and governments provide
layered security for data centers, cloud environments, networks, and
endpoints. All our products work together to seamlessly share threat
intelligence and provide a connected threat defense with centralized
visibility and control, enabling better, faster protection. With over
5,000 employees in over 50 countries and the world’s most advanced
global threat intelligence, Trend Micro enables organizations to secure
their journey to the cloud. For more information, visit www.trendmicro.com.